INTRODUCTION
Purpose
This document sets out the principles and standards for compliance and management of risks associated with financial crime in TETO Bank., incorporated in Canada, Reg. Nr.BC1406818 and registered with the Financial Transactions and Reports Analysis Centre (FINTRAC) in Canada.
The purpose of this document is to prevent the TETO Bank from being used for financial crime to comply with all applicable legal requirements and to ensure that TETO Bank takes the most appropriate action to mitigate the risks associated with financial crime
This document outlines the applicable legal requirements related to financial crime to which the TETO Bank must adhere, as well as internal measures that the TETO Bank establishes to ensure it complies with these legal requirements. This document is referred to as the AntiMoney Laundering (AML), Counter-Terrorist Financing (CTF), Counter-Proliferation Financing (CPF), and Sanctions Policy (the Policy) and sets the parameters for the CTETO Bank about the AML, CTF, CPF, and sanctions framework.
Scope and application
The Policy applies to all CTETO Bank employees, all units in the TETO Bank, senior management, foreign correspondents, contractors, and third parties with whom TETO Bank may contract. The aim of the TETO Bank is not only to comply with relevant legal requirements but also to mitigate and reduce the potential risk to the TETO Bank of our customers using our products, services, and delivery channels to launder the proceeds of illegal activity, fund terrorist activity or conduct prohibited financial sanctions activity.
The Policy is updated at least once a year, or more frequently based on international requirements and legislative changes, particularly with the implementation of the Canadian Payments Act, Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) or Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTF Regulations) and associated Regulations or Financial Transactions and Reports Analysis Centre (FINTRAC) Guidance on the RiskBased Approach and Compliance program requirements.
Terms
These are terms you should be familiar with:
2.Money Laundering and terrorism financing overview
Money laundering
Money laundering (ML) refers to the legitimization (‘washing’) of illegally obtained money to hide its true nature or source. ML involves funds being passed surreptitiously through legitimate business channels using deposits, investments, or transfers from one place (or person) to another. Through the laundering process, illegally obtained funds, or crime funds, are given the appearance of having been legitimately obtained.
ML is a method through which criminals disguise the illegal origins of their wealth – protecting their asset bases – as a means of avoiding the suspicion of law enforcement agencies and preventing leaving a trail of incriminating evidence. The act of laundering is committed in circumstances where a person is engaged in an arrangement (i.e. by providing a service or product), and that arrangement involves the proceeds of the crime. These arrangements include a wide variety of business relationships,
e.g. banking, fiduciary, and investment management.
Interpol defines ML as, “Any act, or attempted act, to conceal or disguise the identity of illegally obtained proceeds (funds) so that they appear to have originated from legitimate sources.”
Terrorism Financing
Terrorism Financing (TF) involves providing finance or financial support to individual terrorists or terrorist organizations. A TF risk comprises three factors: threat, vulnerability and consequence.
Threat: This may be a person or a group of people with the potential to cause harm by raising, moving, storing or using funds and other assets (whether from legitimate or illegitimate sources) for terrorist purposes. Threats may include domestic or international terrorist organizations and their facilitators, their funds, as well as past, present, and future TF activities, as well as individuals or populations having sympathy towards the terrorist organizations.
Vulnerability: This involves areas that can be exploited by the threat or provide support to terrorist activities. Vulnerabilities may include:
• features of a particular sector;
• a financial product or type of service that are easy targets for TF;
• weaknesses in measures specifically meant for TF, or more broadly in AML/CFT systems or controls; or
• jurisdictions with a higher risk of TF and ease of raising or moving funds/assets (e.g. large informal economy, porous borders etc).
Consequence: This relates to the impact of a vulnerability. Consequences are effects resulting from the underlying terrorist activity perpetrated through financial systems and impacting the social fabric of the country. These consequences are usually more severe than for ML or other types of financial crime (e.g. tax fraud etc), causing damage including the loss of lives.
Terrorists may move or transfer funds and assets through various methods, including:
• using the financial system to transfer funds;
• relying on systems such as the hawala system in areas with less developed financial systems are often employed for multiple small amounts of fund transfers; and
• using international trade networks to transfer assets
Stages of Money Laundering
Traditionally, it has been accepted that the money laundering process comprises three stages. These stages, while they can be separate and distinct, most frequently occur simultaneously, or often overlap. It all depends on the facilities of the launderer, the requirements of the criminals, and on the robustness, or otherwise, of the regulatory and legal requirements linked to the effectiveness of the monitoring systems of the financial or regulated sector. However, while a convenient way of describing the activity, this three- stage model is a little simplistic, therefore it does not fully reflect what actually happens.
Placement: Placing the criminal funds into the financial system directly or indirectly.
At this stage, illegal funds or assets are initially brought into the financial system. This placement makes the funds more liquid. For example, if cash is converted into a deposit, it becomes easier to transfer and manipulate. Money launderers place illegal funds using a variety of techniques, which include depositing cash into accounts and using cash to purchase assets.
Layering: The process of separating criminal proceeds from their source by using complex layers of financial transactions designed to hide the audit trail and provide anonymity.
To conceal the illegal origin of the placed funds, thereby making them more useful, the funds must be moved, dispersed and disguised. The process of distancing the placed funds from their illegal origins is known as layering. At this stage, money launderers use many different techniques to layer the funds. These techniques include using multiple and accounts, having professionals act as intermediaries, and transacting through corporations and trusts. Funds may be shuttled through a web of many accounts, companies, and countries in order to disguise their origins.
Integration: If the layering process succeeds, integration schemes place the laundered proceeds back into the legitimate economy in such a way that they appear to be normal business funds.
Once the funds are layered and distanced from their origins, they are made available to criminals to use and control as seemingly legitimate funds. This final stage in the money laundering process is called integration. The laundered funds are made available for activities such as investment in legitimate (or illegitimate) businesses or spent to promote the criminals’ lifestyle. At this stage, the illegal money has achieved the appearance of legitimacy.
It should be noted that not all money laundering transactions go through this three- stage process. Transactions designed to launder funds can also be executed in one or two stages, depending on the money laundering technique being used.
If coordinated successfully, money laundering allows criminals to maintain control over their proceeds and ultimately provide a legitimate cover for their source of income. Money laundering plays a fundamental role in facilitating the ambitions of the drug trafficker, the terrorist, the organized criminal, the insider dealer, and the tax evader, as well as the many others who need to avoid the scrutiny from the authorities that sudden wealth brings from illegal activities. By engaging in this type of activity, it is hoped that proceeds can be placed beyond the reach of any asset forfeiture.
Reasons for Money Laundering
There are several reasons why people launder money. These include:
1.Hiding Wealth: Criminals can hide illegally accumulated wealth to avoid its seizure by authorities.
2.Avoiding Prosecution: Criminals can avoid prosecution by distancing themselves from illegal funds.
3.Evading Taxes: Criminals can evade taxes that would be imposed on earnings from the funds.
4.Increasing Profits: Criminals can increase profits by reinvesting illegal funds in businesses.
5.Becoming Legitimate: Criminals can use the laundered funds to build up a business and provide legitimacy to this business.
Social and Economic Consequences of Money Laundering
Undermining Financial Systems: Money laundering expands the black economy, undermines the financial system, and raises questions of credibility and transparency.
Expanding Crime: Money laundering encourages crime because it enables criminals to effectively use and deploy their illegal funds.
Criminalizing Society: Criminals can increase profits by reinvesting illegal funds in businesses.
Reducing revenue and control: Money laundering diminishes government tax revenue and weakens government control over the economy.
3. Regulations
Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) firm must establish an AML/CTF compliance program. The PCMLTF Regulations set out specific requirements, including:
The appointment of a person responsible for the compliance program;
The development and application of compliance policies and procedures that are up to date and approved by a senior officer;
A program to assess the risk of a money laundering or terrorist financing offense being conducted through the firm and implementation of measures to mitigate high-risk scenarios;
An ongoing written compliance training program for employees of the TETO Bank
A review of policies and procedures to test their effectiveness is to be conducted every two years by an internal or external auditor;
PCMLTFA and the latest redaction of FATF recommendations set out the requirement for relevant businesses to establish and maintain appropriate and risk-sensitive policies and procedures relating to:
Customer due diligence
Reporting
Record keeping
Internal control
Risk assessment and management (Risk Based Approach)
The monitoring and management of compliance, and
The internal communication of such policies and procedures, in order to prevent activities related to money laundering terrorist financing, and proliferation financing.
These policies and procedures must:
Identify and scrutinize
Complex or unusually large transactions
Unusual patterns of transactions which have no apparent economic or visible lawful purpose
Any other activity that could be considered to be related to money laundering terrorist financing or proliferation financing
Specify the additional measures that will be taken to prevent the use of products and transactions that favor anonymity for money laundering or terrorist financing
Determine whether a customer is a politically exposed person (see Annex 5 for definition and further guidance)
Nominate an individual in the organization to comply with, and receive disclosures under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations
Ensure employees report suspicious activity to the Nominated Officer.
Ensure the Nominated Officer considers such internal reports in the light of available information and determines whether they give rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion of money laundering or terrorist financing.
The main principles encompassed by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations can be described as Risk Based Approach (RBA). RBA requires several steps to be taken to determine the most costeffective and proportionate way to manage and mitigate the money laundering and terrorist financing and proliferation financing and sanctions violation risks faced by the business.
The steps are to:
• Identify the money laundering and terrorist financing and proliferation financing and sanctions violation risks that are relevant to the business
• Assess the risks presented by the particular:
✓ Customers – types and behavior;
✓ Products and services;
✓ Delivery channels, for example, cash over the counter, electronic, wire transfer or cheque;
✓ Geographical areas of operation, for example, location of business premises, source or destination of customers’ funds;
✓ Complexity and volume of transactions;
Design and implement controls to manage and mitigate these assessed risks
Monitor and improve the effective operation of these controls
Record appropriately what has been done, and why
Financial Action Task Force (FATF)
The Financial Action Task Force (FATF) is an independent inter-governmental body founded based on cooperation between 32 states, the European Commission, and the Cooperation Council for the Arab States of the Gulf. The FATF has a prominent role in implementing international policies to prevent and combat money laundering and terrorist financing. FATF has provided international standards on combating money laundering and the funding of terrorism & proliferation (Recommendations) that are recognized as the global anti-money laundering (AML) and counter- terrorism financing (CFT) standards.
4.AML Principles
The purpose of the AML/CFT policy of TETO Bank is to establish the framework of the rules and procedures to be followed by TETO Bank to ensure that TETO Bank, its resources, its business, its services and/or its employees are not directly or indirectly used or involved in moneylaundering or the funding of terrorism and that TETO Bank complies with all its legal obligations relating to the prevention of money laundering and funding of terrorism at all times.
This policy applies to all business activities of TETO Bank within the scope of its relevant financial business. This policy and its procedures are to be followed by all employees of TETO Bank, who will be required to confirm that they have understood and will comply with their obligations under the AML/CFT procedures.
AML/CFT policy is set up to effectively implement, monitor, maintain and where necessary amend adequate procedures for the attainment of the AML policy’s objectives. The AML policy shall be implemented on the basis of a risk-based approach. In this respect, TETO Bank shall conduct a risk assessment of its business, which shall be regularly reviewed, on the outcome of which TETO Bank AML/CFT procedures shall be based and, where necessary, adjusted.
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) requires businesses to have appropriate systems of internal control and communication in order to prevent activities related to money laundering and terrorist financing. In simple terms, this means that businesses must ensure that management controls are put in place that will alert the relevant people in the business to the possibility that criminals may be attempting to use the business to launder money or fund terrorism or fund proliferation or violate sanctions, so as to enable them to take appropriate action to prevent or report it.
Systems of internal control and communication must be capable of identifying unusual or suspicious transactions or customer activity, of identifying transactions and business relationships specified in a direction issued by FINTRAC. CTETO Bank must report suspicious transactions under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations.
The nature and extent of systems and controls that the business needs to put in place will depend on a variety of factors, including the following:
Degree of risk associated with each area of its operation
Nature, scale, and complexity of the business
Type of products, customers, and activities involved
Diversity of operations, including geographical diversity
Volume and size of transactions
Distribution channels.
Therefore, the TETO Bank has established an internal control procedure. The basis of the internal control process is well-defined authorizations, segregation of duties, identification of clients, ongoing due diligence, reporting suspicions, etc. The TETO Bank doesn’t have an internal audit unit, however, TETO Bank plans to carry out an auditing not less than once in two years, forming a group of three employees which are working in unrelated departments, unless it is assessed by the TETO Bank that a longer rotation cycle is appropriate. The decision of the participants of the formed group and the audit is made by the board of the company.
The TETO Bank regularly monitors changes in and compliance with relevant legislation and other legal requirements in order to mitigate money laundering terrorism financing proliferation financing and sanctions violation risks, as well as to make internal control procedures more efficient.
AML Program
TETO Bank has put into place the following components for an effective AML/CFT program:
Have an adequate management structure to supervise TETO Bank operations;
Designation of an MLRO and specification of his/her functions;
Cooperate with the competent authorities as may be necessary;
Monitor the financial transactions of its customers and detect and report any suspicious transactions to FINTRAC (for further details on suspicious transaction reporting, reference is made to the AML Procedure);
Preserve all relevant information in its possession that may be required by the relevant authorities investigating a suspicious activity;
Implementation of necessary KYC/CDD procedures as required;
Implementation of risk management procedures;
Implementation of assessment and monitoring procedures of customer risk and payment risk indicators;
Implementation of employees’ AML training to ensure their awareness of the ML/FT risks, internal procedures as well as employee obligations with respect to AML reporting;
Implementing procedures for periodic re-assessment of TETO Bank activities and adjustment of policies and procedures as may be required to ensure that they are adequate at all times;
Record keeping of audit controls and decision-making.
Policy Approvals, Revisions & Compliance Assurance
Approval must be obtained from the company’s Board of Directors before establishing or continuing an account relationship with the high-risk customer or undertaking any transaction for the high-risk Customer. The Board of Directors shall provide and record written reasons for its decision as to whether to approve or reject a high-risk customer.
The AML Policy and Procedures shall be subject to planned and/or ad hoc audits carried out by the Internal Auditor of TETO Bank or by any other suitably qualified external entity as may be requested by the Board of Directors from time to time. Such audits shall test TETO Bank for compliance against the requirements of the Act, the AML Regulations, and other applicable laws. Should an audit identify a compliance breach and/or any irregularity, these shall be formally reported to the Board of Directors for further investigation and timely rectification of identified non-conformances.
Risk-Based Approach
TETO Bank shall adopt a risk-based approach (“RBA”) in determining whether to accept or reject customers and to assess the risks of its business, its customers and transactions as the basis for developing adequate measures and rules to prevent money laundering and funding of terrorism.
A Risk-Based assessment enables a more targeted and focused approach to identifying and assessing risks that TETO Bank is or may be exposed to by applying resources to where they are most needed. The type of information required must therefore reflect the inherent level of ML/FT risk that each merchant represents.
A robust RBA will therefore reduce the costs incurred as regards to ongoing monitoring of client transactions and the procurement of paraphernal KYC documentation.
Money Laundering Reporting Officer
A Nominated Officer is the person within an organization who is responsible for overseeing all activity related to anti-money laundering matters. In the absence of the Nominated Officer, Supporting Nominated Officers will take his/her place.
TETO Bank shall appoint and maintain an officer of TETO Bank to act as CTETO Bank. Money Laundering Reporting Officer (‘MLRO’). The MLRO shall be an officer of TETO Bank with sufficient seniority, education, reputable background, experience, and command. TETO Bank Nominated Officers should remain up-to-date with AML/ATF rules and risks.
The MLRO’s responsibilities include:
• Receiving disclosures from employees (also known as Suspicious Transaction Report – STR’s);
• Deciding if disclosuresshould be passed on to the Financial Transactions and Reports Analysis Centre or the Royal Canadian Mounted Police (RCMP) or the Canadian Security Intelligence Service (CSIS).
• Reviewing all new laws and deciding how they impact on the operational process of the company;
• Preparing a written procedures manual and making it available to all staff and other stakeholders;
• Making sure appropriate due diligence is carried out on customers and business partners;
• Receiving internal Suspicious Transaction Report (STR) from staff;
• Maintaining controls and procedures aimed at deterring criminal elements from using TETO Bank resources;
• Setting up, monitoring, updating AML/CFT procedures, including KYC, record keeping, risk assessment, STR escalation protocols;
• Receiving internal Suspicious Transaction Report (STR) from staff;
• Recording all decisions relating to STRs appropriately;
• Ensuring staff receive anti-financial crime training when they join and that they receive regular refresher training;
• Making decisions about continuing or terminating trading activity with particular customers
• Making sure that all business records are kept for at least five years from the date of the last customer transaction as per FINTRAC regulations.
TETO Bank shall appoint a Supporting Nominated Officer to assist the MLRO in the fulfillment of his AML/CFT duties. The appointment of the designated employee shall in all cases receive the approval of the MLRO and shall work under his/her direction.
All Employees shall immediately notify the MLRO if he/she suspects or has any reason to suspect that any potentially suspicious activity has occurred or will occur if a transaction is completed. Employees are encouraged to seek the assistance of the MLRO with any questions or concerns they may have concerning the AML/CFT Policy & Procedures.
5.Customer due diligence
Identification and Verification
KYC means obtaining information about a customer over and above the required ID. The TETO Bank has implemented a KYC program to ensure all kinds of customers (natural or legal persons or legal structures) are subject to adequate identification, risk rating, and monitoring measures. This program has been implemented throughout all TETO Bank divisions. The purpose of this is to reduce the risk of the TETO Bank being used for money laundering and financing terrorism.
Multiple online directories of individual and business information are used to check all customer/client ID details before a full Individual or Business e-account is activated.
For Business clients, we also check their details against the public business registers (for example BUSINESS REGISTERS OF THE PROVINCES AND TERRITORIES.
The following “Know Your Customer” procedures will be helpful in identifying prospective face-to-face or non-face-to-face customers who may present money laundering and financing of terrorism and financing of proliferation risks. The TETO Bank applies a risk- based approach towards “know your customer” with reference to a customer’s geographic ties, chosen products, and/or services. A risk-based approach is applied as low, medium, or high. This risk-based approach indicates the risk of whether the given customer may use or will use the TETO Bank services and/or products for financial crime.
KYC controls typically include the following:
Collection and analysis of basic identity information (“Customer Identification Program” or CIP)
Name-matching against lists of known parties (such as “politically exposed persons” or PEPs)
Name-screening against sanctions lists
Determination of the customer’s risk in terms of propensity to commit money laundering, terrorism financing, or identity theft
Creation of an expectation of a customer’s transactional behavior
Monitoring of a customer’s transactions against expected behavior and recorded profile, as well as that of the customer’s peers
Having a properly defined and practiced KYC Policy
Identification of customers with inappropriate intentions to help detect suspicious activity in a timely manner, preventing money laundering or terrorist financing
Promotion of compliance with all regulations
Promotion of safe and sound money transfer practices
Minimization of the risk of services being used for illicit activities
Protection of the company’s reputation
In all cases, before taking on a new customer or engaging in a transaction with a customer with whom we do not have a well-established relationship, the TETO Bank completes sufficient due diligence to have confidence in the integrity of the customers and the lawfulness of the proposed transaction by following actions:
1. Make reasonable efforts to determine the true identity of all customers and the legal and beneficial ownership of all accounts;
2. Determine the customer’s citizenship, home, and business address, occupation, or type of business. Where appropriate, obtain supporting documentation.
3. Inquire whether the customer will have the sole interest in the account or whether there will be other persons who will have access to it. Verify the identity of all such persons and engage in any necessary due diligence regarding such other persons.
4. If the customer is not an individual:
A. Determine the legal status (e.g., corporation, partnership, or other form of entity).
B. Determine whether the customer is regulated, either in the TETO Bank or a foreign country.
C. Determine all principal persons of the customer, such as officers and directors, or persons who have a substantial beneficial interest (i.e. own equal or more than 25% share in the company). As per the PCMLTFA Regulations, TETO Bank shall ensure that corporate and other legal entities incorporated within their territory are required to obtain and hold adequate, accurate, and current information on their beneficial ownership. This includes details of beneficial interests held.
D. Obtain copies of all relevant organizational documents.
5. Identify the source of the customer’s funds
6. Screen the customer for:
A. Global Affairs Canadian sanctions list;
B. Account holders from countries listed on the Financial Action Task Force (“FATF”), and NCCT list found the FinCEN advisory list;
C. Persons with significant holdings, that hold over 25% equity or more in a business are now subject to AML/CTF screening;
D. Sanctions match;
7. Where appropriate, obtain information regarding the frequency with which the customer expects to transfer funds to or from the account, i.e. monthly, quarterly, or the nature of any third-party payments to or from the account;
8. Where appropriate, obtain and contact reputable references, such as professionals and other members of the financial industry, , securities companies, etc.
9. Government Officials and Foreign Accounts. Special procedures apply for accounts for the benefit of politically exposed persons (PEPs), including senior
government and political figures, particularly from certain countries, and for accounts opened by or through foreign and for clients from countries or industries deemed high risk. TETO Bank performs enhanced due diligence and ongoing due diligence measures proportionate to the risk of the customer. High-risk customers will therefore be subject to enhanced due diligence and ongoing due diligence. On-going due diligence processes will be applied to all existing customers within a specific period that will be determined by whether they are defined as high, medium, or low.
Each new business relationship must be reviewed according to the criteria as set forth under the law. This must be done before the establishment of the relationship or – where necessary for the continued normal conduct of business provided that the AML/CFT risks are low and verification steps are completed as soon as reasonably practical – during the relationship being established.
If, during an established relationship, doubts arise about the veracity or adequacy of previously obtained data, documents, or information or changes have occurred, then the customer due diligence measures as described above are to be repeated.
Enhanced Due Diligence
The TETO Bank implements Enhanced Customer Due Diligence (EDD) for clients classified as high-risk. These clients undergo further scrutiny beyond the standard Customer Due Diligence (CDD) requirements. This elevated level of due diligence is essential to mitigate the heightened risk associated with these clients. The integrity of the company’s EDD process relies heavily on the accuracy and credibility of information and sources used, as well as the expertise of well-trained analysts. These analysts are adept at sourcing, corroborating, interpreting, and making informed decisions based on the obtained information. Customers and legal entities originating from jurisdictions listed on the FATF grey list of territories (https://www.fatf-gafi.org/en/countries/black-and-grey-lists.html) are initially categorized as high-risk. Consequently, they are required to undergo Enhanced Customer Due Diligence (EDD) during the account opening process.
There are other circumstances where the risk of money laundering or terrorist financing is higher, such as (but not limited to):
The ownership structure appears unusual or excessively complex given the nature of the merchant’s business;
Directors or ultimate beneficial owners identified as politically exposed persons;
Transaction and merchant behavior (Is a risk posed by a merchant’s behavior? What risk is posed by the products the merchant is using? To whom and where are the collected payments settled?).
In such cases extended customer due diligence measures have to be taken. Further reference is made to the KYC/Onboarding policy.
Simplified Due Diligence
On the other hand, there are also circumstances where the risk of money laundering or terrorist financing may be lower, such as (but not limited to):
• cases where the merchant is a subject to requirements to combat money laundering and terrorist financing (consistent with the FATF Recommendations) and is supervised;
• cases where the merchant is a public company listed on a stock exchange and subject to disclosure requirements to ensure beneficial ownership transparency;
• country: countries where the merchant is located are:
o Identified by credible sources as having effective anti-money laundering/counter-terrorist financing systems;
o Identified by credible sources as having a low level of corruption or other criminal activity.
In such cases, and provided there has been an adequate analysis of the risk, simplified customer due diligence measures may be taken. Note that a lower risk for identification and verification purposes does not automatically mean the same merchant is at lower risk for all types of customer due diligence measures, for instance for ongoing monitoring.
6. Monitoring
TETO Bank will conduct periodic ongoing monitoring whenever a business relationship is established with a client. Clients of lower-risk categories will be subject to less frequent ongoing monitoring while high-risk clients will be subject to enhanced ongoing monitoring.
High-risk customers: Every 1 year
High-risk customers who belong to FATF grey-listed territories: Every 6 months.
Medium-risk customers: Every 2 years
Low-risk customers: Every 3 years
In addition to the above periodic reviews, existing CDD records should be reviewed upon trigger events. Examples of trigger events include:
Re-activation of a dormant account.
Change in the beneficial ownership or control of the account.
When a significant transaction is to take place.
When a material change occurs in the way the customer’s account is operated.
Transaction Monitoring & Updating Files
Customer due diligence measures are to be applied by TETO Bank to existing customers on the basis of materiality and risk. Due diligence on existing relationships is to be conducted at appropriate times, taking into account any previous customer due diligence measures being undertaken and the adequacy of the information obtained then.
TETO Bank should have policies, controls, and procedures in place that enable the effective management and mitigation of the risks that have been identified. TETO Bank should monitor the implementation of those controls and enhance them, if necessary. When assessing risks, TETO Bank should consider all the relevant risk factors before determining the level of overall risk and the appropriate level of mitigation to be applied.
The risk assessment referred to above must also include the review and monitoring of the Money laundering and terrorist financing risks to the business. TETO Bank must conduct ongoing monitoring of their business relationships with their
customers. Ongoing monitoring of business relationships means (i) transaction monitoring and (ii) up-to-date documents and information keeping.
Such review and monitoring, based upon a risk-based approach, will basically entail the monitoring of patterns for example a sudden increase in processing volumes, uncharacteristic transactions not in line with the known activities of merchants, and strange peaks. The monitoring criteria, tools, and measures are described in the AML procedure.
All personnel involved in monitoring unusual or suspicious transactions or activities must be diligent in their monitoring activities. Sufficient tools are to be provided that should enable and facilitate monitoring to the fullest extent and minimize any human failure as much as reasonably possible.
The systems of internal control and communication must be capable of meeting the requirements of identifying unusual or suspicious transactions or activities. TETO Bank must ensure that appropriate controls are put in place to lessen the risks as identified and prevent the business from being used for money laundering or terrorist financing. Managing and mitigating these risks must at least involve:
Applying ongoing customer due diligence measures to verify the identity of the merchants and any ultimate beneficial owners:
Obtaining additional information on high-risk merchants;
Conducting ongoing monitoring of transactions and activity of merchants;
Having systems to identify and scrutinize unusual transactions and activity to determine whether there are reasonable grounds for knowing or suspecting that money laundering or terrorist financing may take place
Not only should ongoing monitoring reflect the monitoring of the merchant activities and transactions, but TETO Bank should furthermore implement means of assessing whether its risk mitigation procedures and controls are working effectively and where improvement is required. The relevant procedures need to be kept under regular review.
The reporting of unusual transactions/activity must comply with the Applicable Regulations and must be informed about all unusual transactions/activities.
7.Politically Exposed Persons
The definition of ’PEP’ is set out below:
Is or has, at any time in the preceding year, been entrusted with prominent public functions
Is an immediate family member of such a person
Is a known associate of such a person
Is the resident outside or within the
Is or has, at any time in the preceding year, been entrusted with a prominent public function by –
Any state;
The European Community; or
An international body; or
Please note: An immediate family member or a known close associate of a person referred to in the paragraph immediately above does not necessarily qualify as a PEP without the appropriate risk assessment.
In cases where PEP is identified:
Senior management approval should always be sought before establishing a business relationship with a PEP
The source of funds should be established
The business relationship should be subject to enhanced and constant monitoring.
Establishing the source of funds
It is important that before a business relationship is entered into with a PEP their source of funds is established and the Company is satisfied that there are no indications that funds that will be used for transactions to be carried out are derived from corruption (i.e. receipt of bribes), fraud or an attempt by the PEP to remove/hide assets from their home country.
The source of the PEP’s funds may be established by asking the individual concerned a series of questions to determine from where they receive their money. These questions could include confirmation of the main source income (i.e. salary), any business interest, or investments from which funds are/will be received.
Making a decision to transact with the PEP
In order to satisfy itself, below are areas on which questions can be asked of the PEP to determine whether a business relationship should be established- information from this can be presented to Senior Management of TETO Bank to make an informed decision:
What are the position and the duties of the PEP- (please note that a less ‘senior’ PEP is less of a risk than heads of state, MP’s, members of the Judiciary, and Ambassadors)
Are there any family members/close associates that are PEPs also?
Identify the customer and the beneficial owner of the account.
Know the customer’s country of residence.
Know the objective of opening the account and the volume and nature of the activity expected for the account.
Obtain information on the occupation and the other income sources.
Obtain information about the direct family members or associates who have the power to conduct transactions on the account
8.Identification of suspicious activity
Having identified a customer and conducted the necessary due diligence, we will be in a good position to spot anything unusual with the customers, their actions, inactions, or transactions
Look out for any suspicious actions or activity at every dealing stage with the customer. For example, this can be an unusual remittance abroad or a transaction amount that is not in a normal line of activity.
The following list provides several types of behavior or activity that may be suspicious. The list is not exhaustive and not conclusive. Rather employees who have contact with customers, intermediaries, or counterparties should use the list as a guide for inquiry and follow-up:
• The customer wishes to engage in transactions that lack business sense or are inconsistent with the client’s stated business/strategy.
• The customer exhibits unusual concern for secrecy, particularly with respect to his identity, type of business, or dealings with companies.
• Upon request, the customer refuses to identify or fails to indicate a legitimate source for his funds.
• The customer exhibits an unusual lack of concern regarding risks, commissions, or other transaction costs.
• The customer appears to operate as an agent for an undisclosed principal but is reluctant to provide information regarding the principal.
• The customer has difficulty describing the nature of his business. The customer lacks general knowledge of his industry.
• For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers.
• The customer is from or has accounts in, a country identified as a haven for money laundering.
• The customer, or a person publicly or known to be associated with the customer, has a questionable background including prior criminal convictions. • The customer account has unexplained or sudden extensive activity, especially in accounts that had little or no previous activity.
• The customer account shows numerous currencies or cash transactions aggregating to significant sums. This is however not relevant as TETO Bank does not have any cash transactions.
• The customer account has a large number of wire transfers to unrelated third parties.
• The customer account has wire transfers to or from a bank-secrecy haven country or country identified as a money laundering risk.
• The customer account has unusual transactions or transactions that are disproportionate to the customer’s known business
Also, FINTRAC has issued the following guidelines on suspicious transactions with more specific ML/TF indicators related to MSB:
Customer requests a transaction at a foreign exchange rate that exceeds the posted rate.
Customer wants to pay transaction fees that exceed the posted fees.
Customer exchanges currency and requests the largest possible denomination bills in a foreign currency.
Customer knows little about address and contact details for payee, is reluctant to disclose this information, or requests a bearer instrument.
Customer wants a cheque issued in the same currency to replace the one being cashed.
Customer wants cash converted to a cheque and you are not normally involved in issuing cheques.
Customer wants to exchange cash for numerous postal money orders in small amounts for numerous other parties.
Customer enters into transactions with counterparties in locations that are unusual for the customer.
Customer instructs that funds are to be picked up by a third party on behalf of the payee.
Customer makes large purchases of traveler’s cheques not consistent with known travel plans.
Customer makes purchases of money orders in large volumes.
Customer requests numerous cheques in small amounts and various names, which total the amount of the exchange.
Customer requests that a cheque or money order be made out to the bearer.
Customer requests that a large amount of foreign currency be exchanged for another foreign currency.
Customer purchases a large volume of money orders and changes payment type to avoid reporting requirements;
If you identify suspicious activity, contact the Nominated Officer who is responsible for issuing a Suspicious Transaction Report through the FINTRAC online system. The Nominated Officer should also notify senior management.
Note: DO NOT raise any concerns with the customer or use words to suggest you are not happy with anything that may tip them off.
9.Reporting procedure
The reporting requirements for Anti-Money Laundering (AML) in Canada are stipulated under the PCMLTFA and its associated regulations. However, specific details regarding the frequency of reporting by AML-responsible personnel may depend on the nature and circumstances of the reporting.
Here are some aspects related to reporting in the Canadian AML context:
Large Cash Transactions (LCT) Reporting:
Frequency: Money Services Businesses (MSBs) and other reporting entities must report large cash transactions (exceeding $10,000 CAD) to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
Electronic Funds Transfer (EFT) Reporting:
Frequency: Reporting entities, including MSBs, must report certain electronic funds transfers (EFTs) to FINTRAC.
Suspicious Transaction Reports (STR) Reporting:
Frequency: Reporting entities are required to submit Suspicious Transaction Reports (STRs) when they have reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing.
The STR should contain as a minimum the following information:
• Details and identification data of all parties to the transaction
• The owner of the monies in question
• How the identity of the client was verified
• A full description of the transaction
• Reason for suspicion and supporting evidence
• Details of any assets which are subject to international sanctions
If in doubt, the staff member should call the Nominated Officer to discuss the reasons for their suspicion – however, they should be careful not to do this whilst the customer is standing in front of them or via any communication exchanged with the customer (they may ‘tip-off’ the customer otherwise, see below).
The timing for submitting the internal STR is important. The law states that an individual working in the regulated sector should make a report as soon as he or she becomes suspicious.
This may mean either before the transaction takes place or immediately afterward.
When a staff member becomes aware that a customer wants to carry out a transaction which is suspicious and the timing for the transaction allows it, the staff member must ensure that ‘consent’ is given before processing the transaction. ‘Consent’ means that the company has sought and obtained approval from the FINTRAC to process the transaction. Further information on ‘seeking consent’ is provided below.
However, staff may decide that there would be a danger that if they were to seek consent for a particular transaction (i.e. in advance of the transaction taking place) there might be a danger that the customer would be ‘tipped off’. See below for more information on ‘tipping off’.
All staff members will have fully discharged their duties and will have the full protection of the law, once a report of their suspicions has been made to the company Nominated Officer.
Once the Nominated Officer receives the internal STR from the staff member, the Nominated Officer has two options:
Report the STR to FINTRAC RCMP or CSIS. (see procedure below);
File an internal note indicating why, on the basis of a review of the circumstances around the transaction, it is judged not necessary to make a report to FINTRAC or RCMP, or CSIS;
The Nominated Officer should complete the Nominated Officer STR Resolution form (see appendix for sample) in the event he decides not to make a report to FINTRAC RCMP or CSIS.
Tipping Off
Any staff member needs to make a judgment as to whether any delay to the transaction (‘consent request’) would have the effect of ‘tipping off’ the customer. It is a criminal offence under section 333 of the Proceeds of Crime Act 2002, to do or say anything that might either ‘tip-off’ another person that a disclosure has been made or in any way prejudice an investigation.
This means that businesses must not tell a customer:
• that a transaction was/is being delayed because consent from FINTRAC RCMP or CSIS has been requested;
• that details of their transactions or activities will be/have been reported to FINTRAC RCMP or CSIS;
• that they are being investigated by law enforcement.
In situations where delaying a transaction may inadvertently lead to ‘tipping off’, it will make sense to process the transaction and then ensure that an STR is submitted to the Nominated Officer as soon as possible. The staff member will have the protection of the law as soon as a STR has been submitted to the Nominated Officer
If in doubt about whether to proceed with a transaction, the staff member should immediately contact the Nominated Officer for advice
Documentation
Supporting documentation is a cornerstone of our anti-money laundering and counterterrorism financing procedures. Unrecorded steps are soon forgotten. Records assist in tracking relevant information and in demonstrating that the company/individual has conducted our business responsibly and with integrity.
All interviews, searches, and activities undertaken to verify the integrity of transactions and persons must be documented and stored for reference by TETO Bank, OFSI, and FINTRAC if and when required. All records must be kept for a minimum of five years after the business relationship with the customer ends
10. Record keeping
TETO Bank must be able to demonstrate its compliance with the Applicable Regulations, by means of keeping evidence and records of due diligence checks made and information held on merchants and transactions. The following records are to be kept:
• All documents obtained for the purpose of identifying the merchant and the ultimate beneficial owners;
• Verification evidence on the identification documents obtained and the resolution of any discrepancy in the identifying information;
• Supporting records in respect of the business relationships;
• Results of credit analysis or any other analysis undertaken;
• Transaction data must be maintained in a form that can easily be compiled for an audit trail and which establishes the right transaction profile of the merchant;
• All other information related to money laundering matters.
Records are to be kept for at least five years, beginning either on the date on which (i) the business relationship ends for all customer identification/due diligence records and (ii) the transaction is completed for all transaction records.
Record Sharing
TETO Bank will share AML information (customer identification, due diligence and transaction records, and other relevant information) with the FIU, law enforcement authorities, and other , if it is requested to do so TETO Bank will maintain procedures to protect on one hand the security of requests from such authorities, but on the other hand not unnecessarily jeopardize the confidentiality rights of the merchants.
TETO Bank will share information about those suspected of terrorist financing and money laundering with other for the purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities and to determine whether to establish or maintain a business relationship or engage in a transaction. Furthermore, upon request, TETO Bank may be required to submit periodical reports on its policies, procedures, and other information, in a format as required by the FIU.
11. Staff awareness and training
The MLRO shall make sure that initial and ongoing training is provided to employees, at least annually, to ensure that all relevant staff is aware of the regulatory obligations of TETO Bank under the Applicable Regulations, their personal responsibilities, and how to recognize and handle suspicious transactions
The compliance team including any other customer-facing and/or transaction-facing employees whose duties include the handling of relevant financial business or activity as defined under the Applicable Regulations shall receive more detailed training about TETO Bank AML procedures with respect to identifying clients, monitoring, record-keeping, remaining vigilant at all times, and reporting any unusual/suspicious transactions. Training logs will be maintained.
TETO Bank maintains an ongoing employee training program so that the staff is adequately trained in KYC procedures and that the staff is aware of different possible patterns and techniques of money laundering that may occur in their everyday business. Training requirements should have a different focus for new staff, front-line staff, compliance staff, or staff dealing with new customers/Merchants. The new staff is educated on the importance of KYC policies and the basic requirements at the Company. Training is given to all staff members upon commencement of taking on the position in the TETO Bank and on regular occasions afterward (at least once a year).
Staff members who deal directly with the customers are trained to verify the identity of new customers, to exercise due diligence in handling accounts of existing customers on an ongoing basis, and to detect patterns of suspicious activity. Training also covers the general duties arising from applicable external (legal and regulatory), and internal requirements and the resulting individual duties that must be adhered to in everyday business as well as typologies to recognize money laundering or financial crime activities or sanctions violation typologies.
Regular refresher training is provided to ensure that employees are reminded of their responsibilities and are kept informed of new developments. It is crucial that all relevant staff fully understand the need for and implement KYC policies consistently. A culture within services that promotes such understanding is the key to a successful implementation.
Training covers the following issues:
The law relating to financial crime;
Risks associated with the financial crime threat to the company (see, for example, www.egmontgroup.org);
Identity and responsibilities of the Nominated Officer;
Internal policies and procedures put in place;
Customer Due Diligence/Enhanced due diligence monitoring measures;
Suspicious activity – what to look out for;
How to submit an internal Suspicious Transaction Report to the Nominated Officer;
Record-keeping requirements;
Possible sanctions violation – what to look out for;
The Nominated Officer will keep a log of all training which is provided to staff members. All staff will be required to sign the training log where required to confirm that they have received training. The Nominated Officer will circulate to all staff other material to heighten awareness of anti-financial crime issues. This must be placed on the company notice board which should be available in all company’s locations
The Nominated Officer shall be responsible for including information in respect of his/her education and training program(s) attended during the year in his/her Annual Report.
Role of the Employee
In the situation that an employee has suspicions about a customer and/or transaction, he must ensure that the company Nominated Officer is notified about his suspicions as soon as possible. Staff should use the internal ‘Suspicious Transaction Report Form’ (see appendix for example).
The STR should contain as a minimum the following information:
Date/time of transaction
Amount
Customer name/customer ID information (e.g. passport number, etc)
Transaction number
Reason for suspicion of transaction
If in doubt, the staff member should call the Nominated Officer to discuss the reasons for their suspicion– however, they should be careful not to do this whilst the customer is standing in front of them (they may ‘tip-off’ the customer otherwise, see below). The timing for submitting the internal STR is important. The law states that an individual working in the regulated sector (i.e. or API) should make a report as soon as he or she becomes suspicious. This may mean either before the transaction takes place or immediately afterward. However, staff may decide that there would be a danger that if they were to seek consent for a particular transaction (i.e. in advance of the transaction taking place) there might be a danger that the customer would be ‘tipped off’. See below for more information on ‘tipping off’.
All staff members will have fully discharged their duties and will have the full protection of the law, once a report of their suspicions has been made to the company Nominated Officer.
Once the Nominated Officer receives the internal STR from the staff member, the Nominated Officer has two options:
Report the STR on to FINTRAC RCMP or CSIS.
File an internal note indicating why, on the basis of a review of the circumstances around the transaction, it is judged not necessary to make a report to FINTRAC or RCMP, or CSIS. The Nominated Officer should complete the Nominated Officer STR Resolution form in the event he decides not to make a report.
ANNEX 1 – Risk Appetite
1. Prohibited Businesses, Activities
The company has set itself the prohibition of the list of goods and services (industry):
1.Banknotes sales;
2.Drugs and the use of a drug or drug-like substance;
3.Arms and ammunition;
4.Jewelry, precious metals;
5.Reinsurance and insurance services;
6.Binary Options;
7.Multi-level marketing (MLM);
8.Antiques and art trade;
9.Pharmacies and pharmaceutical activity, pharmaceutical, proprietary medicinal products and pharmaceutical trade;
10. The sale of tobacco products;
11. Illegal / piracy audio or video recordings;
12. Infringing goods (counterfeit goods);
13. Sexual services, Adult;
14. Financial pyramid;
15. Debt collection services;
16. Accept assets that are known or suspected to be the proceeds of criminal activity;
17. Enter into/maintain business relationships with individuals or entities known or suspected to be a terrorist or a criminal organization or member of such or listed on sanction lists;
18. Maintain anonymous accounts, accounts for shell or pay-through accounts.
19. Persons/corporations involved in promoting, controlling or operating religious denominations or organizations of any nature;
20. “Migrants associations”, peculiar ‘religious’ organizations that come with questionable introductions (especially from countries connected with terrorism);
21. ‘Hawala’ or similar unlicensed money transfer activities that defeat common sense explanations; 22. Political Parties; 23. Offshore ;
Prohibited Countries
Botswana
Burkina Faso
Burma
Burundi
Myanmar
Nicaragua
Pakistan
Palestine
Panama
Philippines
Russian Federation
Senegal
Somalia
South Sudan
Sudan
Syria
The Bahamas
Trinidad and Tobago
Uganda
Venezuela
Yemen
Zimbabwe
Afghanistan
Albania
Barbados
Belarus
Cambodia
Cayman Islands Central
African Republic Crimea
Cuba
Democratic People’s Republic of Korea (DPRK)
Democratic Republic of the Congo
Ghana
Haiti
Iran
Iraq
Jamaica
Lebanon
Libya
Mali
Mauritius
Morocco